Targeted For The Holidays

The news that at least 40 million Target shoppers have had their debit or credit cards compromised — I say at least because these numbers always seem to increase — underscores yet again just how antiquated the payment security infrastructure is and how much more needs to be done if we are going to maximize the benefits of electronic commerce. There is no such thing as a silver bullet, but you don’t bring a knife to a gun fight. Here are 4 things that all financial institutions both big and small regardless of their charter type should be pushing for in the year ahead:

1. Let’s get serious about merchant liability. I’m sure Target will end up paying some fines to Visa and MasterCard, but at the end of the day, even though it is an international chain, it has no obligations to make an issuer in Albany whole for the cost of a data breach to its systems. We need a national law imposing liability including potential punitive damages on merchants where their negligence results in data breaches that often cause both reputational and economic harm to financial institutions.

2. Let’s get serious about using the latest fraud protection technology. According to the Smart Card Alliance, which is pushing for the adoption of chip-based credit and debit cards, 80 countries globally including Canada and the UK, and countries in Europe, Latin America and Asia are in various stages of adopting EMV or chip-based technology that provides greater protection against the theft of account information currently stored on the back of magnetic strips. In the UK, fraud on lost and stolen cards is now at its lowest level in two decades and counterfeit card losses have also fallen to the lowest level since 1999.

3. The invention of the Bitcoin has shown that it is possible to use encrypted technology that actually can allow merchants and consumers to interact with each other in a secure environment without the use of credit or debit cards. It’s in the interest of all issuers to make sure that their cards are as safe and easy to use as possible. We aren’t too far from the day where debit and credit cards will simply not be used when making transactions.

4. In fairness to the merchants, one of the toughest issues when dealing with a data breach is when to alert the general public. Although state level laws in New York and other states already require financial institutions aware of data breaches above certain thresholds to notify government officials, prematurely alerting the general public might make it more difficult to figure out whose behind the breach. That being said, retailers have an awfully big incentive to keep their mouth shut about data breaches. For instance, Target only confirmed this latest breach following a report by the blog site Krebs on Security. State legislators should look at ways of strengthening notification requirements so that card issuers don’t have to bear the brunt of irate consumers wondering why there are so many unauthorized purchases on their financial statements.

On a happier note, your faithful blogger is taking the rest of the year off for the holidays. Thanks for reading! I Wish you all a very Merry Christmas and a happy and prosperous New Year!